CVE-2007-4367

Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."...

a specially crafted JavaScript can make Opera execute arbitrary code

A virtual function call on an invalid pointer that may referencedata crafted by the attacker can be used to execute arbitrary code...

Code injection

index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous...

chmlib library memory corruption

Value from file is used directly in alloca function call...

CVE-2007-0134

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in 1 cart.php and 2 page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...

Sql injection

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in 1 cart.php and 2 page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...

FreeBSD : opera -- multiple vulnerabilities (78ad2525-9d0c-11db-a5f6-000c6ec775d9)

iDefense reports : The vulnerability specifically exists due to Opera improperly processing a JPEG DHT marker. The DHT marker is used to define a Huffman Table which is used for decoding the image data. An invalid number of index bytes in the DHT marker will trigger a heap overflow with partially...

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the doparsecode function...

CVE-2006-3693

Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks \ in an argument to the 1 mount-loop mount-loop.c or 2 umount-loop umount-loop.c command, which is not filtered in a system function call...

Format string

Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call...

CVE-2006-2115

Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call...

CVE-2006-1744

Buffer overflow in plmain.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call...

Buffer overflow

Buffer overflow in plmain.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call...

CVE-2006-1744

Buffer overflow in plmain.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call...

CVE-2006-1066

Linux kernel 2.6.16-rc2 and earlier, when running on x8664 systems with preemption enabled, allows local users to cause a denial of service oops via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUGSTACK stack during the dodebug function call...

Design/Logic Flaw

TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to 1 thumbs.php, 2 showpic.php, or 3 tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails...

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

CVE-2005-3302

Eval injection vulnerability in bvhimport.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call...

CVE-2005-3302

Eval injection vulnerability in bvhimport.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call...

CVE-2005-0211

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter...